Hi,

I am running dovecot on Fedora Linux in our organization and use IMAP as well as POP3 protocols for mail retrieval. I want to impose the following user based restrictions:

(a) I want to permit only selective users to access either POP3 or IMAP server or both.

(b) The server can be accessed from LAN as well as WAN. However I want to allow only selective users to be able to access POP3 or IMAP server from the WAN side (or on the basis of IP addresses).

What do I need to do to impose these restrictions?

Thanks,

Net Cerebrum wrote:

> (a) I want to permit only selective users to access either POP3 or
> IMAP server or both.

This is easy, assuming you're using PAM for user authentication. Edit /etc/dovecot.conf and set

    auth_passdb = pam *

Then Dovecot will use different PAM configurations for POP3 and IMAP. You can set up the initial PAM services as copies of the Dovecot service:

    cd /etc/pam.d
    cp dovecot pop3
    cp dovecot imap

Then you can edit /etc/pam.d/pop3 and /etc/pam.d/imap to define whatever criteria you want for who can use POP3 and who can use IMAP. We use a simple text file, /etc/imapusers, and have Dovecot deny POP3 access to anyone who's listed in imapusers. To do that, we insert the following line at the beginning of /etc/pam.d/pop3:

    auth required /lib/security/$ISA/pam_listfile.so item=user file=/etc/imapusers sense=deny

See /usr/share/doc/pam* for other ways to use PAM to permit or deny users.

> (b) The server can be accessed from LAN as well as WAN. However I want
> to allow only selective users to be able to access POP3 or IMAP server
> from the WAN side (or on the basis of IP addresses).

A POP3/IMAP proxy might be able to do this. You'd have to set it up on a separate machine (or on separate ports), force WAN users to go through it, and configure the proxy to only let certain users log in. I don't know if there are any POP3/IMAP proxies that permit selective logins like this, so I don't know if this will work.

Josh Kelley

On 23.6.2005, at 07:46, Net Cerebrum wrote:

> I am running dovecot on Fedora Linux in our organization and use IMAP
> as well as POP3 protocols for mail retrieval. I want to impose the
> following user based restrictions:
>
> (a) I want to permit only selective users to access either POP3 or
> IMAP server or both.
>
> (b) The server can be accessed from LAN as well as WAN. However I want
> to allow only selective users to be able to access POP3 or IMAP server
> from the WAN side (or on the basis of IP addresses).

Besides using PAM modules, it's possible with 1.0-tests and 1.0-stables to use SQL passdb and use %s and %r variables in them (see http://wiki.dovecot.org/Variables)
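
Added example, not part of any post in this thread: the SQL passdb idea from the last reply, modeled in Python with sqlite3 so the policy query can be run offline. The table and column names, the LAN prefix and the sample users are assumptions; the named parameters :user, :service and :remote_ip stand in for Dovecot's %u, %s and %r, with the service values assumed to be 'pop3' and 'imap'.

```python
import sqlite3

# Hypothetical schema: per-user flags for each service and for WAN access.
SCHEMA = """
CREATE TABLE mail_users (
    userid     TEXT PRIMARY KEY,
    password   TEXT NOT NULL,
    allow_pop3 INTEGER NOT NULL DEFAULT 0,
    allow_imap INTEGER NOT NULL DEFAULT 0,
    allow_wan  INTEGER NOT NULL DEFAULT 0
)"""

# Constructed sample rows: (userid, password placeholder, pop3, imap, wan)
SAMPLE_USERS = [
    ("alice", "HASH-PLACEHOLDER", 1, 1, 1),  # both protocols, from anywhere
    ("bob",   "HASH-PLACEHOLDER", 0, 1, 0),  # IMAP only, LAN only
    ("carol", "HASH-PLACEHOLDER", 1, 0, 0),  # POP3 only, LAN only
]

# Assumed LAN prefix; the trailing dot keeps 192.168.10.x from matching.
LAN_PREFIX = "192.168.1."

# A row comes back only when the user may use this service from this address,
# so a denied combination looks like an unknown user to the password check.
POLICY_QUERY = """
SELECT password FROM mail_users
WHERE userid = :user
  AND ((:service = 'pop3' AND allow_pop3 = 1)
    OR (:service = 'imap' AND allow_imap = 1))
  AND (allow_wan = 1 OR substr(:remote_ip, 1, length(:lan)) = :lan)
"""

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO mail_users VALUES (?, ?, ?, ?, ?)", SAMPLE_USERS)
    return conn

def passdb_row_found(conn, user, service, remote_ip):
    """True if the policy query returns a row for this login attempt."""
    params = {"user": user, "service": service,
              "remote_ip": remote_ip, "lan": LAN_PREFIX}
    return conn.execute(POLICY_QUERY, params).fetchone() is not None

if __name__ == "__main__":
    db = build_db()
    for attempt in [("alice", "pop3", "203.0.113.7"), ("bob", "imap", "192.168.1.20"),
                    ("bob", "pop3", "192.168.1.20"), ("bob", "imap", "203.0.113.7")]:
        print(attempt, "->", "row" if passdb_row_found(db, *attempt) else "no row")
```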